Publications and other reference materials referred to herein are numerically referenced in the following text and respectively grouped in the appended Bibliography which immediately precedes the claims.
Advanced Persistent Threats (APTs) against an organization usually follow a methodical process for conducting an attack. This process consists of the following main steps, shown schematically in FIG. 1: (1) Reconnaissance, (2) Initial Exploitation, (3) Gaining Access and establishing Command & Control, (4) Privilege Escalation, (5) the actual attack (Exfiltration & Subversion) and (6) Maintaining Persistence and Covering Tracks.
Detecting an APT at the Reconnaissance phase is very difficult, since the activity is usually performed outside the organization's premises and without direct interaction with the organization's resources. At some point, however, the activity reaches a specific point within the organization (the entry point to the organization), from which the attack proceeds to the next phases.
It is a purpose of the present invention to provide a method of detecting APTs at the Reconnaissance phase.
Further purposes and advantages of this invention will appear as the description proceeds.